Differences between revisions 1 and 10 (spanning 9 versions)
Revision 1 as of 2010-12-14 17:49:09
Size: 754
Editor: ahasenack
Comment:
Revision 10 as of 2010-12-14 19:50:00
Size: 3759
Editor: ahasenack
Comment:
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:

== Preparing for the installation ==
What you will need:
 * Ubuntu 10.04 LTS ("lucid") server install media
 * Landscape Dedicated Server license file
 * Server X509 certificate and key, signed by a publicly known Certificate Authority, and issued for the FQDN hostname of the application server

 {i} Custom CAs can be used, but this is not documented here as it's considered an advanced topic. Administrators deploying custom CAs most likely know what needs to be done.

== Installing the Database Server ==
After having installed the basic server profile of Ubuntu Server, we need to install the postgresql database and configure it for use by Landscape. Please follow these steps:

=== Install postgresql and required libraries ===
{{{
sudo apt-get install postgresql-8.4 python-smartpm postgresql-plpython-8.4
}}}

=== Create a superuser Landscape can use ===
Landscape needs a database superuser in order to create the lower privileged users it needs to perform routine tasks and access the data, as well as alter the database schema whenever needed:
{{{
sudo -u postgres createuser --createdb --createrole --superuser --pwprompt landscape_superuser
}}}

 /!\ Use a strong password!

If this database is to be shared with other services, it is recommended that another cluster is created instead for those services (or for Landscape). Please refer to the Postgresql documentation in that case.

=== Configure PostgreSQL ===
We now need to allow the application server to access this database server. Landscape uses several users for this access, so we need to allow them all. Edit `/etc/postgresql/8.4/main/pg_hba.conf` and add the following line to its end:
{{{
host all landscape,landscape_maintenance,landscape_superuser <IP-OF-APP> md5
}}}
Replace `<IP-OF-APP>` with the IP address of the application server, followed by `/32`. Alternatively, you can specify the network address using the CIDR notation. Some examples of valid values:
 * `192.168.122.199/32`: the IP address of the APP server
 * `192.168.122.0/24`: a network address
Now we need to allow network connections to the database. Edit `/etc/postgresql/8.4/main/postgresql.conf` and find the `listen_addresses` parameter, which is probably commented, and change it to:
{{{
listen_addresses = '*'
}}}
Finally, restart the database service:
{{{
sudo /etc/init.d/postgresql-8.4 restart
}}}
It's strongly recommended to fine tune this postgresql installation according to the hardware of the server machine. This [[http://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server|page]] has some tips. We recommend to at least take a look at the following parameters:
 * `shared_buffers`: http://www.postgresql.org/docs/8.4/interactive/runtime-config-resource.html
 * `effective_cache_size`: http://www.postgresql.org/docs/current/static/runtime-config-query.html#GUC-EFFECTIVE-CACHE-SIZE
 * `wal_buffers`: http://www.postgresql.org/docs/current/static/runtime-config-wal.html#GUC-WAL-BUFFERS

Introduction

This is the baseline deployment recommendation we have for the LDS product using the Debian packages delivery mechanism. At a minimum, we have two machines:

  • a database server, running Ubuntu 10.04 LTS ("lucid"), with Postgresql 8.4
  • an application server, also running Ubuntu 10.04 LTS ("lucid"), hosting the Landscape services

Below is a diagram showing a reasonable default network layout:

(XXX - missing diagram)

Important points:

  • the APP server needs http access to people.canonical.com in order to download the USN database and detect security updates

  • the APP server also needs http access to the public Ubuntu archives, in order to update the hash-id-database files and detect new distribution releases

Preparing for the installation

What you will need:

  • Ubuntu 10.04 LTS ("lucid") server install media
  • Landscape Dedicated Server license file
  • Server X509 certificate and key, signed by a publicly known Certificate Authority, and issued for the FQDN hostname of the application server

    {i} Custom CAs can be used, but this is not documented here as it's considered an advanced topic. Administrators deploying custom CAs most likely know what needs to be done.

Installing the Database Server

After having installed the basic server profile of Ubuntu Server, we need to install the postgresql database and configure it for use by Landscape. Please follow these steps:

Install postgresql and required libraries

sudo apt-get install postgresql-8.4 python-smartpm postgresql-plpython-8.4

Create a superuser Landscape can use

Landscape needs a database superuser in order to create the lower privileged users it needs to perform routine tasks and access the data, as well as alter the database schema whenever needed:

sudo -u postgres createuser --createdb --createrole --superuser --pwprompt landscape_superuser
  • /!\ Use a strong password!

If this database is to be shared with other services, it is recommended that another cluster is created instead for those services (or for Landscape). Please refer to the Postgresql documentation in that case.

Configure PostgreSQL

We now need to allow the application server to access this database server. Landscape uses several users for this access, so we need to allow them all. Edit /etc/postgresql/8.4/main/pg_hba.conf and add the following line to its end:

host all landscape,landscape_maintenance,landscape_superuser <IP-OF-APP> md5

Replace <IP-OF-APP> with the IP address of the application server, followed by /32. Alternatively, you can specify the network address using the CIDR notation. Some examples of valid values:

  • 192.168.122.199/32: the IP address of the APP server

  • 192.168.122.0/24: a network address

Now we need to allow network connections to the database. Edit /etc/postgresql/8.4/main/postgresql.conf and find the listen_addresses parameter, which is probably commented, and change it to:

listen_addresses = '*'

Finally, restart the database service:

sudo /etc/init.d/postgresql-8.4 restart

It's strongly recommended to fine tune this postgresql installation according to the hardware of the server machine. This page has some tips. We recommend to at least take a look at the following parameters:

LDS/RecommendedDeployment1.6.0 (last edited 2011-06-08 19:43:37 by ahasenack)